LDAP refresh is working only on the primary replication leader

Article ID: 227305

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We have 3 nodes in the primary site and LDAP refresh is working on only one of them. Please look into this issue and let us know if that is expected behavior.

Environment

Release: 3.4.x, 4.0.x and 4.1

Component: PRIVILEGED ACCESS MANAGEMENT

Resolution

LDAP refresh runs only on the replication leader of the site. This is by product design.

This can be verified by reviewing the session logs. On the primary site's replication leader, the session logs will contain an entry with "PAM-LDAP-0009".